New Member
May 14, 2026
Question

Config Backup CLI


Hi - I am trying to take a config backup using the CLI and am facing errors. Pings, trace and sniffer are all giving output.

 

  1. FTP - Getting the below error

Connect to ftp server <FTP server IP>
Please wait...
Send config file to ftp server via vdom root failed.
Command fail. Return code 10

 

  2. Using TFTP - This is taking a very long time; the backup does not fully complete and times out

Version of firmware is v7.4.8, v7.4.9, FortiOS v6.2.17 build1405 (GA)

 

Eventually, what I am trying to do is take a config backup and then upgrade the OS version using Python and API commands. Guess that will also give issues.

    3 replies

    Anthony_E
    Staff
    May 15, 2026

    Hello,

    Could you please have a look at this KB article and tell us if it is helping?:

    Anthony

    Best Regards
    NitSi (Author)
    New Member
    May 18, 2026

    Nopes. Doesn’t help. 

     

    I am seeing strange behavior. The Fortinet FW device is reachable sometimes (e.g. Test-NetConnection) from VMs but not reachable most of the time. At the same time, if I check from my VDI, it works.

    The backup happens sometimes to the FTP server but most times it fails. E.g. it works in the afternoon and doesn’t in the evening. And no change in settings or code. And there is no activity happening in the network that should stop this. As per my VM and FTP SMEs there doesn’t seem to be anything wrong. Scratching my head as to why it works sometimes and why it doesn’t.

     

    Which logs to check?

    msanjaypadma
    Staff
    May 15, 2026

    Hi @NitSi,

    Based on the provided information, it appears that Multi-VDOM is enabled on the firewall. 

    When connecting to an FTP server, the firewall may select a random or lowest-index IP address as the source IP for self-generated traffic. Typically, this source IP belongs to the Management VDOM, which defaults to "root" unless explicitly changed. 

    Please ensure that the source IP address is correctly selected and has proper reachability to the FTP server.

    Follow these steps:

    Step 1: Identify the Traffic Flow, Route towards FTP server
    Execute the command:  

    # get router info routing-table details <source>
    # get router info routing-table details <FTP server>
    # diagnose sniffer packet any "host x.x.x.x" 4 0 l

    Replace `x.x.x.x` with the FTP server's IP address.


    Step 2: Verify TCP Handshake
    Check if the TCP handshake is occurring correctly.

    If the source IP address is not as expected, you can create a /32 static route towards the FTP server with the `preferred-source` option and specify the source IP address of an interface which belongs to the management VDOM only (I hope, in your case, the root VDOM).
    Note: `preferred-source` is a new feature for local-out routing introduced in FortiOS v7.4.0. For more details, please refer to the relevant documentation.



    If you have found a solution, please like and mark it as solved to make it easily accessible for everyone.

    Thanks,
    Mayur Padma
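
As an added illustration (not part of the replies in this thread, and not Fortinet code): a small Python parser for saved sniffer output from Step 1 that reports, per source IP the firewall used, whether the TCP handshake to the FTP server from Step 2 completed. The sample lines, addresses and interface names are constructed, and the line layout is an assumption about verbosity-4 output with local timestamps.

```python
import re
from collections import defaultdict

# Constructed sample; assumed layout of `diagnose sniffer packet any "host x.x.x.x" 4 0 l`:
#   <date> <time> <iface> <in|out> <src_ip>.<sport> -> <dst_ip>.<dport>: <flags> <seq> [ack <n>]
SAMPLE = """\
2026-05-18 14:02:11.100201 port1 out 10.10.1.5.40112 -> 192.0.2.50.21: syn 1001
2026-05-18 14:02:11.101950 port1 in 192.0.2.50.21 -> 10.10.1.5.40112: syn 2001 ack 1002
2026-05-18 14:02:11.102100 port1 out 10.10.1.5.40112 -> 192.0.2.50.21: ack 2002
2026-05-18 19:30:45.000100 port3 out 172.16.9.1.51820 -> 192.0.2.50.21: syn 3001
2026-05-18 19:30:48.000300 port3 out 172.16.9.1.51820 -> 192.0.2.50.21: syn 3001
"""

LINE = re.compile(
    r"^(?P<ts>\S+ \S+) (?P<iface>\S+) (?P<dir>in|out) "
    r"(?P<src>\d+(?:\.\d+){3})\.(?P<sport>\d+) -> "
    r"(?P<dst>\d+(?:\.\d+){3})\.(?P<dport>\d+): (?P<flags>.*)$"
)

def handshakes(text, server_ip):
    """Return one summary per client flow towards server_ip."""
    flows = defaultdict(lambda: {"syn": 0, "synack": False, "ack": False, "iface": None})
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # skip header lines such as interfaces=[any] / filters=[...]
        flags = m["flags"].split()
        is_syn, has_ack = "syn" in flags, "ack" in flags
        if m["dst"] == server_ip:                      # firewall -> server
            f = flows[(m["src"], m["sport"])]
            f["iface"] = m["iface"]
            if is_syn and not has_ack:
                f["syn"] += 1                          # counts retransmitted SYNs too
            elif has_ack and f["synack"]:
                f["ack"] = True                        # third step of the handshake
        elif m["src"] == server_ip and is_syn and has_ack:  # server -> firewall
            flows[(m["dst"], m["dport"])]["synack"] = True
    out = []
    for (src, sport), f in flows.items():
        state = "complete" if f["ack"] else "synack-no-ack" if f["synack"] else "no-reply"
        out.append({"source": src, "port": sport, "iface": f["iface"],
                    "syn_sent": f["syn"], "state": state})
    return out

if __name__ == "__main__":
    for row in handshakes(SAMPLE, "192.0.2.50"):
        print(row)
```

A flow in state `no-reply` with a source address or egress interface different from the working flow points at source-IP selection or return routing rather than at the FTP service itself.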

    NitSi (Author)
    New Member
    May 18, 2026

    Nopes. Doesn’t help. 

     

    I am seeing strange behavior. The Fortinet FW device is reachable sometimes (e.g. Test-NetConnection) from VMs but not reachable most of the time. At the same time, if I check from my VDI, it works.

    The backup happens sometimes to the FTP server but most times it fails. E.g. it works in the afternoon and doesn’t in the evening. And no change in settings or code. And there is no activity happening in the network that should stop this. As per my VM and FTP SMEs there doesn’t seem to be anything wrong. Scratching my head as to why it works sometimes and why it doesn’t.

     

    Which logs to check?

    Nivedha
    Staff
    May 20, 2026

    Hi @NitSi,
    Please check the local traffic logs to see why the traffic is denied (if it's being denied by the firewall). It would also be useful to collect debug logs:

    https://docs.fortinet.com/document/fortigate/8.0.0/administration-guide/54688/debugging-the-packet-flow

    diagnose debug enable
    diagnose debug flow filter addr x.x.x.x   >>> where x.x.x.x is the server IP
    diagnose debug flow show function-name enable
    diagnose debug flow trace start 100

     

    If you have found a solution, please like and mark it as solved to make it easily accessible for everyone.
     

    Regards,
    Nivedha